
MPLS draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt



NAME OF I-D

http://www.ietf.org/internet-drafts/draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt

SUMMARY

The Label Distribution Protocol (LDP), as currently defined, makes
use of the TCP MD5 Signature option to protect (authentication and
integrity) the LDP traffic between two adjacent LSRs. This document
specifies extensions to LDP to enable end-to-end authentication
between non-adjacent LSRs (i.e., not directly connected via a TCP
connection) that are setting up an LSP. Two mechanisms are defined
that also provide integrity protection of the information carried
within LDP messages and protect against the malicious replay of LDP
messages. Both proposed mechanisms require ordered control LDP and
can also be applied to CR-LDP.

RELATED DOCUMENTS

none

WHERE DOES IT FIT IN THE PICTURE OF THE SUB-IP WORK

mpls box.

WHY IS IT TARGETED AT THIS WG

This document describes mechanisms that can be used to provide
authentication of LSP originators within LDP, as described in the MPLS
WG charter.

JUSTIFICATION

This document is justified by the fact that it covers goal 3 of the MPLS
WG charter, which requests the specification of appropriate extensions
to LDP and RSVP for authentication of LSP originators. The present
document actually proposes such mechanisms for LDP.

-- 
Olivier Paridaens
Alcatel Corporate Network Strategy Group
Security Technologies

NSG Web site: http://www.rc.bel.alcatel.be/nsg/index.htm
Security group Web site:
http://www.rc.bel.alcatel.be/~paridaeo/Security-TF.html